METHOD AND SYSTEM FOR TRANSMITTING AND/OR RECEIVING MESSAGES VIA IDENTIFICATION

Abstract

 The present invention refers to a method (S) of and to a system (T) for transmitting and/or receiving messages in an environment of registered transmitting sites (TX) and receiving sites (RX) via identification, wherein a respective message is selected from a fixed set of messages - which is in particular finite or countable - and sent and/or received over a compound channel (CC) via identification. In addition, the compound channel (CC) as a set of channels and ruled by a state variable (t) is given and used based on a compound code by using a stochastic encoder.

Description

[0001] The present invention refers to a method and a system for transmitting and/or receiving messages via identification, in particular in an environment of registered transmitting and receiving sites.

[0002] In the field of transmitting and/or receiving messages by identification the paradigm by Shannon which resides on (i) transmitting a desired message as such from the transmitting site and (ii) detecting the respective message at a receiver site is skipped. Instead, it has been proposed to use the concept of identification for transmitting/receiving messages. In other words, a code representative for a selected message is sent from the transmitting site, and the receiving site is configured to decide whether or not a message selected at the receiving site or a code therefore has been transmitted. By these measures introduced by Ahlswede and Dueck already in 1989, the channel capacity is increased in a double exponential manner.

[0003] It is an object underlying the present invention to improve transmission/receiving of messages by identification in view of its robustness and security aspects.

[0004] The object is achieved by a method and a system of/for transmitting messages according to independent claims 1 and 13, respectively. Preferred embodiments are defined in the respective dependent claims.

[0005] According to a first aspect of the present invention a method of transmitting and/or receiving messages in an environment of registered transmitting sites and receiving sites via identification is provided. According to the present invention a respective message is selected from a fixed set of messages - which may in particular be finite or at least countable - and which is sent and/or received over a compound channel via identification. In addition according to the present invention, the compound channel - as a set of channels and ruled by a state variable - is given and used based on a compound code by using a stochastic encoder.

[0006] According to a preferred embodiment of the present invention for identifying at a transmitting site a message to be sent and selected from the set of messages an identification code may be used which is generated based on said compound code by using a stochastic encoder.

[0007] This may in both cases be done in order to randomly select at the transmitting site a code for the message selected from the set of messages.

[0008] Additionally or alternatively for re-identifying at a receiving site whether a message corresponding to a code received at the receiving site is identical to a certain message selected from the set of messages at the receiving site an identification code or said identification code mentioned before may be used which is generated based on said compound code by using a stochastic encoder or said stochastic encoder.

[0009] In order to realize a respective stochastic encoder and/or a decoder, a variety of measures may be taken.

[0010] For instance and following a preferred embodiment of the present invention, at a transmitting site for a respective message selected said stochastic encoder may be configured in order to randomly assign thereto as a code for the message a value of a random variable within an assigned probability distribution, and the assigned code may be transmitted via the compound channel.

[0011] Additionally or alternatively, at a receiving site it may be checked whether a respective code received at the receiving site and referred to as a value of a random variable is within a probability distribution assigned to a respective message selected at the receiving site.

[0012] Under such circumstances, it may be recognized (i) that the respective message selected at the receiving site has been sent by a transmitting site and otherwise (ii) that the respective message has not been sent by the transmitting site. Thereby, the identification paradigm is realized in contrast to the channel in principle of identifying the sent message as such.

[0013] According to the present invention provable security can be achieved.

[0014] In order to gain such an object it is preferred that at a transmitting site a channel quality of a respective individual channel of the compound channel or of the compound channel in its entirety is monitored, in particular by observing the mutual information or trans-information between individual channels for a dedicated receiving site and individual channels for a non-dedicated receiving site, for a wiretapper entity and/or by deriving therefrom a representative channel security parameter.

[0015] In the following the notions non-dedicated receiving site, non-legitimate receiving site, wiretapper and eavesdropper may be used as synonyms.

[0016] Different physical observables may be used as a basis for deriving a respective channel security parameter.

[0017] According to another preferred embodiment of the present invention, the channel security parameter may be used as a basis for ruling the processing at a transmitting site.

[0018] In particular a process of sending a message selected at a transmitting site may be suppressed and/or postponed in case that the channel security parameter indicates that a secure transmission is not possible.

[0019] According to a further preferred embodiment of the method for transmitting and/or receiving messages, a secrecy transmission capacity may be used as a channel security parameter.

[0020] This parameter may indicate a possible secure transmission in case that it has a value larger than 0.

[0021] Based on the said channel security parameter a stochastic encoder or a set thereof may be chosen at a respective transmitting site.

[0022] Additionally or alternatively, a decoder or a set thereof may be chosen at a respective receiving site also based on said channel security parameter, wherein in particular a decoder at a receiving site may be formed according to the specification of a corresponding stochastic encoder at a transmitting site and may be deterministic.

[0023] Additionally or alternatively, a respective encoder and/or a respective decoder may be based on the nature of the compound channel and/or may be based on any one of LDPC codes, polar codes, turbo codes, and raptor codes.

[0024] At a receiving site a decoder may be formed by a family of pairwise non-disjunct decoder sets.

[0025] For securing a message (i) selected at the transmitting site and (ii) to be sent to a dedicated receiving site and its code against wiretapping by wiretapping entities and in particular by not-dedicated receiving sites a wiretap code may be constructed and used.

[0026] This may be done in order to thereby define and transmit at a transmitting site a coloring for the message or its code to be sent.

[0027] It is of particular advantage, if a respective encoder and/or decoder is formed based on a family of code books.

[0028] A respective instance of a code book may be chosen randomly and/or based on a respective channel security parameter as mentioned above.

[0029] The present invention further relates to a system for transmitting and/or receiving messages in an environment of registered transmitting sites and receiving sites via identification. The system is configured in order to perform or in order to be used in a method of transmitting and/or receiving messages in an environment of registered transmitting sites and receiving sites via identification according to the present invention.

[0030] Previously and in the following, a transmitter or transmitting site may be identified with an encoder, whereas a receiver or a receiving site may be identified with a decoder in the sense of the present invention.

[0031] In addition, the notions of probabilistic, random, and stochastic encoders may be used as synonyms in the sense of the present invention.

[0032] Further on, the notions mutual information and trans-information are used as synonyms, too.

[0033] It is inter alia a gist of the present invention to achieve in methods and systems for transmitting and/or receiving messages via identification an improved degree of robustness and security.

[0034] One key measure in order to realize this object - besides the usage of a compound channel - envisages involving a stochastic encoder.

[0035] According to a further aspect of the present invention, the concept of stochastic encoders is used in a threefold manner, namely in order to achieve robustness, to realize identification, and to guarantee secrecy of the transmitted information.

[0036] Using a stochastic encoder means that at least a transmitting site is capable of randomly selecting an element according to a certain distribution.

(1) For achieving robustness, a stochastic encoder is used in order to generate a compound code. This is necessary as within the concept of compound channel the transmitting site is not capable of knowing which channel within the class of channels defining the compound channel is actually being used.

(2) For realizing identification, a stochastic encoder is used in order to generate from the compound code an identification code. The stochastic encoder is used in order to randomly choose an element from a given set of elements.

(3) For guaranteeing secrecy in the process of transmitting and/or receiving messages, a stochastic encoder is used in order to generate the wiretap code. In this manner, the stochastic encoder is used in order to secure a message to be transmitted against wiretappers. The wiretap code is used as a second fundamental code in order to keep the message to be identified secret. This may also be referred as a coloring in connection with the message or its code to be transmitted.

[0037] These and further details, advantages and features of the present invention will be described based on embodiments of the invention and by taking reference to the accompanying figures.

Figure 1

is a block diagram elucidating general aspects of the method according to the present invention configured for transmitting and/or receiving a message or in general a data signal.

Figure 2

is a block diagram showing a schematic representation of communication in the sense of Shannon with the transmission of a message as such.

Figure 3

is a block diagram showing a schematic representation of communication by identification in the sense of the present invention.

Figure 4

is a block diagram showing a schematic representation of a compound channel in the sense of the present invention.

Figure 5

is a block diagram showing a schematic representation of a compound wiretap channel in the sense of the present invention.

[0038] In the following embodiments and the technical background of the present invention are presented in detail by taking reference to accompanying figures 1 to 5. Identical or equivalent elements and elements which act identically or equivalently are denoted with the same reference signs. Not in each case of their occurrence a detailed description of the elements and components is repeated.

[0039] The depicted and described features and further properties of the invention's embodiments can arbitrarily be isolated and recombined without leaving the gist of the present invention.

[0040] The scheme according to the block diagram of figure 1 generally follows the concept of coding/decoding and modulation/demodulation in digital communication proposed in 1974 by Massey.

[0041] The scheme of figure 1 discloses a system T - being it a hardware structure, a configuration of a method or of processing units or a combination thereof - comprising

(i) an information source unit T1 configured to provide a signal U to be converted and transmitted, an

(ii) encoding unit T2 configured to receive and encode the signal U and to output an encoded signal X,

(iii) a modulator unit T3 configured to receive and modulate the encoded signal X and to output a modulated signal s(t) for transmission over

(iv) a transmission/reception waveform channel unit T4,

(v) a demodulator unit T5 configured to receive the modulated signal s(t) in a form r(t) possibly distorted by the transmission channel unit T4 and to demodulate said signal in order to output a demodulated signal Y,

(vi) a decoder unit T6 configured to receive and decode the demodulated signal Y and to output the decoded signal V, and

(vii) an information sink unit T7 configured to receive the decoded signal V.

[0042] Key aspects of the present invention are situated in the encoding unit T2 and decoding unit T6 also to be seen in connection with respective embracing transmitter TX and receiver RX for transmitting and receiving, respectively, data signals and in particular messages or codes therefore.

[0043] Figure 2 is a block diagram showing a schematic representation of communication in the sense of Shannon with the transmission of a message m as such.

[0044] Figure 2 therefore represents the classical paradigm of communication, wherein in a first section S2-1 of the processing shown in figure 2 a message m is selected from a set

of messages such that formally the expression

is fulfilled. According to section S2-2 the selected message m as such is transmitted through a channel and at a receiver site represented by section S2-3 the received message m' as such is identified.

[0045] In contrast thereto, figure 3 is a block diagram showing a schematic representation of communication by identification in the sense of the present invention and therefore represents the new paradigm of communication.

[0046] As shown in connection with section S3-3, a receiver site does not explicitly detect the message m selected and sent by a transmitting site indicated by section S3-1, but instead obtains information about whether or not a message m' selected at the receiver site has been sent by the transmitting site and communicated through the channel indicated by section S3-2.

[0047] The new scheme of communication by identification

[0048] Besides the change of paradigm from detecting a message sent to detecting whether or not a selected message has been sent, i.e. the change to communication by identification, the change to an alternate form of channel is a crucial point for the present invention, namely the usage of a so-called compound channel CC.

[0049] Figure 4 is a block diagram showing a schematic representation of a compound channel CC in the sense of the present invention.

[0050] Section S4-1 represents the environment of a transmitter or transmitting site TX, whereas section S4-3 represents the environment of a receiver or receiving site RX. The transmitting site TX and the receiving site RX are connected by a so-called compound channel CC which is represented by section S4-2 and comprises a set or family of concrete channels which are selectable by the action of a state selector represented by section S4-2, wherein each state t of a given set θ of states defines the selection of the concrete channel of the compound channel CC. In addition the transmission of a selected message or a coat thereof through the compound channel CC is characterized by the channels transmission function W_t which is formed by a stochastic matrix.

[0051] Figure 5 is a block diagram showing a schematic representation of a compound wiretap channel WC in the sense of the present invention.

[0052] The configuration shown in figure 5 corresponds to the configuration shown in figure 4, i.e. sections S5-1, S5-2, S5-3, and S5-4 of figure 5 directly correspond to respective sections S4-1, S4-2, S4-3, and S4-4 of the configuration shown in figure 4.

[0053] In addition, the configuration of figure 5 for the compound wiretap channel CWC comprises as a non-dedicated or non-legitimate und thus desired receiving site a wiretapper WT in section S5-6 which is connected to the transmitting site TX situated in section S5-1 by means of a wiretap channel WC in section S5-5 and defined by transmission function V_t in the form of a stochastic matrix and dependent on the state selector of section S5-4 and the respective states t ∈ θ = {1,...,T} selected.

1 General technical formulation

[0054] These and further aspects of the present invention will also be described in detail in the following, which inter alia additionally relate to general protocols for secure and robust identification via channels.

[0055] Thus, in the context of the present invention, secure and robust protocols for identification of messages over communication channels are considered.

[0056] Accordingly, in the general theory of identification underlying the present invention the goal of a receiver is changed compared to direct message transmissions. In the theory of message transmission, as it has been defined by Shannon, the goal of a receiver of section S2-3 was to decode the transmitted message as such from a transmitting site in section S2-1 and received via a channel in section S2-2 as shown in figure 2.

[0057] For this kind of communication, a receiver RX in section S2-3 must be capable of successfully decoding all the messages from a sender or transmitter TX in section S2-1.

[0058] In the theory of identification, however, a receiver RX has to decide, based on the information obtained via a channel situated in section S3-2, whether or not the message transmitted by a transmitter TX is equal to an arbitrarily selected message of the message set, as demonstrated in figure 3.

[0059] The receiver's answer should be correct with high probability.

[0060] Machine-to-machine and human-to-machine communications are centrally important to future communication systems. These new applications demand a strict adherence to end-to-end latency.

[0061] As can be shown, the secrecy for these applications and their necessary latency requirements must be embedded in the physical transmission. Furthermore, for many of the applications discussed, the message transmission problem is too limiting. The theory of identification is not as restrictive at the receiver side like the theory of communication. For this reason, significant performance improvements in communication systems by using implementation of identification codes instead of usual communication codes can be expected.

[0062] In particular, possible promising applications with improvements - among other - are

• communication solutions for industry 4.0,
• communication solutions for logistics applications,
• vehicle-to-vehicle communication,
• vehicle-to-infrastructure communication, and
• infrastructure-to-vehicle communication.

[0063] The future 5G communication system "tactile internet" will be developed for these and other applications. In all of these applications, at least one of the following situations occur: The transmitter TX measures physical and technical variables and sends corresponding data to a receiver (for example, a control center) for evaluation. A large part of the possible measured values is not critical for the system behavior as long as the corresponding measured values are in an uncritical range. In this case, the receiver RX does not have to be able to decode/process the values. The receiver is only interested if the values are in a critical range. He only wants to decode/process these critical values. The essential point is that the transmitter TX does not need to have any global knowledge about what values are important to the receiver RX (for example the control center). The importance of what values are actually important can change during the operation of the technical system. Such situations occur in the above-mentioned applications.

[0064] In the following sections regarding some background and its limitations, the difference between these two conceptual formulations will be considered.

[0065] Two different problems are consider, namely (1) robust identification as such and (2) robust and secure identification on the other hand:

(1) Robust identification

[0066] In the 1^st problem, identification with channel uncertainty is considered. This is modeled by a given set of channels. The communication participants know this set, but they do not know which channel of this set describes the channel actual used. This can be caused, for example, by a time change or by an inaccurate estimate of the channel. This can also be considered as a channel with state selector. A state selector S4-4, S5-4 chooses a channel, but the transmitter TX and the receiver RX do not know his selection. Such a model is called a compound channel and may be denoted by CC.

[0067] To construct a (n, N, λ) identification code for the compound channel, a (n, M, λ) transmission code

is used for the compound channel CC which reaches the capacity. From the message set

of the transmission code one takes

subsets

, each of cardinality └εM┘, such that the cardinalities of the pairwise intersections

, ∀ i, j = 1,..., N (i ≠ j). An identification compound code {(P_i, D_i) : i = 1,...,N} is constructed by taking as P_i the uniform distribution on

and as D_i the union of the corresponding E_ms.

[0068] Figure 4 shows an example of a compound channel CC.

(2) Robust and secure identification

[0069] In the 2^nd problem identification with channel uncertainty and security is considered. The 1^st problem is extended by an eavesdropper or wiretapper WT. In practice, this means that the transmitter TX and the recipient or receiver RX do not want other - e.g. hostile - parties to be able to identify the message. It is called a wiretap channel and may be denoted by WC. It is defined by a common input alphabet and possibly different output alphabets, connecting a sender with two receivers, one legal receiver RX and one wiretapper WT. The legitimate receiver RX accesses the output of the 1^st channel and the wiretapper WT observes the output of the 2^nd channel. A code for the channel conveys information to the legal receiver RX such that the wiretapper WT knows nothing about the transmitted information. This again can be considered as a transmission with a state selector situated in section S5-4 in figure 5. As before, a state selector chooses a state t, but the transmitter TX and the receiver RX do not know his selection. Now the wiretapper WT gets the selected state t.

[0070] This corresponds to an active attack by the state selector and passive wiretapping. One may assume that the wiretapper WT also acts as a state selector. To construct a (n, N, λ) identification code for the compound wiretap channel also denoted by CWC, one may use two fundamental codes, namely a (n, M', λ) transmission code

for the compound channel CC with code size

and a (

, M",

) wiretap code for the wiretap channel WC with code size

. For the message set

of the transmission code one may use a suitable indexed set of colorings of the messages with a relatively small number of colors (compared to the number of messages) which is known both to the sender and the receiver(s).

[0071] Each coloring corresponds to an identification message. The transmitter TX chooses one coloring, let's say T_i, and a message of the message set M', let's say m at random. Then he calculates the color of the message m under T_i and transmits both the message m with the 1^st fundamental code and the color of the message m under T_i with the 2^nd fundamental code. The receiver RX interested in identification message i' calculates the color of the message m under T_i' and checks whether it is equal to the received color or not. In the 1^st case, it is decided that the original identification message was i', otherwise he says it was not i'. A wiretap code is used for the 2^nd fundamental code with the strong secrecy criterion. It is thus not possible for the wiretapper WT to identify the message.

[0072] Figure 5 shows the compound wiretap channel CWC.

2 Background

[0073] For the above application fields, or generally for the applications mentioned with the tactile internet, already some parts have been standardized or are in the current development/standardization. One example is the 5G wireless communication system. All solutions are based on the communication approach of Shannon (see figure 2), which means that these implementations/standardizations do not even have the structure of the identification task.

[0074] This results in an inefficient use of the resources of the communication system (see Section 3, subsection 1). This will also be shown by the representations of the following known scientific results for identification.

[0075] The communication task of identification was introduced in by R. Ahlswede and G. Dueck. The compound channel model was introduced by Blackwell, Breiman, and Thomasian. The degraded form of the wiretap channel was introduced by Wyner. The non-degraded model can be solved.

[0076] According to the present invention, two methods for coding strategies are used.

[0077] Information theoretic models and their achievable rates are considered. Our second model concerned with security. One may use for the envisaged strategy codes with strong secrecy. The definitions of our two models are as follows.

[0078] 1. Firstly, the compound channel CC is considered. This model models both lack of knowledge of the channel and possible attacks by an attacker. The lack of knowledge of the channel occurs when the channels can only be estimated in real communication systems. Pilot signals are used for this purpose.

[0079] Definition 1: A discrete memoryless compound channel CC is a triple

(,

,

), where

is the finite input alphabet,

is the finite output alphabet, θ is a finite state set, and

such that for t ∈ θ

is a stochastic matrix. The probability for a sequence

to be received if

was sent and t ∈ θ is the state defined by

[0080] If it is clear which alphabets are to be used, one may omit them if one is talking about the channel. If P is a probability distribution on

and

, a stochastic matrix, one may set for the mutual information I, also called the transinformation I, I(P; W) :=I(X Λ Y) where X is a random variable (or RV) with distribution P and Y has conditional distribution W(·|x), given X = x.

[0081] The compound Channel CC works as follows: Before the sender TX transmits xⁿ over the channel, t ∈ θ is chosen by the state selector and W_t is used during the transmission. A compound channel CC with /θ/ = 1 is called a discrete memoryless channel, abbreviated by DMC.

[0082] In the following, a suitable code-concept for transmitting messages over a given compound channel CC is defined.

[0083] Definition 2: A randomized (n, M, λ)-transmission code for a compound channel CC with (W_t)_t∈θ is a family of pairs

such that ∀ i = 1,..., M and ∀ i ≠ j the following relations





are fulfilled.

[0084] The definition M^CC(n, M, λ) := max{M : A (n, M, λ) CC code exists} is adopted.

[0085] Definition 3: Let W be a compound channel CC.

(a) The rate R of an (n, M, λ) code is defined as R = log(M)/n bits.

(b) A rate R is said to be achievable if for all λ ∈ (0, 1) there exists a n₀(λ), such that for all n ≥ n₀(λ) there exists a (n, 2^nR, λ) code.

(c) The transmission capacity C(

) of a compound channel

is the supremum of all achievable rates.

[0086] The following theorem holds.

[0087] Theorem 1: The capacity of the compound channel

is

[0088] 2. Secondly, the wiretap channel WC is considered in the following.

[0089] Definition 4: A discrete memoryless wiretap channel (WC) is a quintuple (

,

,

, W, V) wherein

is the finite input alphabet,

is the finite output alphabet for the legitimate receiver RX,

is the finite output alphabet for the wiretapper WT,

is the channel transmission matrix, whose output is available to the legitimate receiver RX, and

is the channel transmission matrix, whose output is available to the wiretapper WT. The channels are assumed to be memoryless, thus,

and

.

[0090] Definition 5: A (n, M, λ) secrecy code for the wiretap channel (

,

,

, W, V) is defined as a system

where for all i:

and

. It is required





where U is a uniformly distributed random variable taking values in {1,..., M} and Zⁿ is the resulting random variable at the output of the channel V of the wiretapper WT

[0091] The (message transmission) secrecy capacity Cs(W, V) of the wiretap channel WC is defined as the maximum rate of any code which satisfies these conditions. Formally, let

then the secrecy capacity Cs of the wiretap channel is defined as C_S(W, V) = sup{R_s : ∀ ε > 0, ∃n(ε) such that for n ≥ n(ε) M_s(n,ε) ≥ 2^nRs}.

[0092] The following property holds:

Theorem 2:

[0093] 

wherein Y is the resulting random variable at the output of legal receiver channel and Z is the resulting random variable at the output of wiretap channel WC. The maximum is taken over all random variables that satisfy the Markov chain relationship U → X → YZ.

[0094] 3. Thirdly, identification codes are considered in the following.

[0095] Definition 6: A randomized (n, M, λ₁, λ₂)_i identification code for the DMC is a family of pairs

with

and with errors of the 1^st and the 2^nd kind, respectively, bounded by

and

[0096] The receiver RX which is interested in message i will decide that his message was transmitted if and only if the received channel output is in

, otherwise the receiver RX will deny that message i was sent.

[0097] Those two error probabilities turn out to be of different nature: Errors of the 1^st kind are produced by channel noise, while on the other hand errors of the 2^nd kind are mainly created by the identification code scheme.

[0098] Let

ID code exists with λ₁, λ₂ ≤ λ}.

[0099] Definition 7: Let (

,

, W) be a DMC.

(a) The rate R of an (n, N, λ₁, λ₂) identification code is defined as

bits.

(b) The identification rate R of a DMC is said to be achievable if for all λ ∈ (0, 1) there exists a n₀(λ), such that for all n ≥ n₀(λ) there exists a (n, 2^2_nR, λ, λ) identification code.

(c) The identification capacity C_ID(W) of a DMC W is the supremum of all achievable rates.

Theorem 3:

[0100] 

where C(W) denotes the Shannon capacity of the channel.

[0101] 4. Fourthly, identification over a wiretap channel WC is considered.

[0102] Definition 8: A randomized (n, N, λ) wiretap channel identification code for the wiretap channel WC is a system

where, for all i,

and

, which satisfies the following three conditions:

(a) for all i :

(b) for all pairs (i, j) with i ≠ j :

(c) for any pair (i, j) with i ≠ j and any

[0103] Definition 9: The maximum M for which a randomized (n, M, λ) wiretap channel identification code exists is denoted by M^SID(n, λ). Define the secure identification capacity C_SID of the wiretap channel WC by letting

[0104] A remarkable result on this problem follows.

[0105] Theorem 4: Let C(W) be the Shannon capacity of the channel W and let Cs(W, V) be the secrecy capacity of the wiretap channel WC, then

and

3 Limitations

[0106] Two areas are considered: On the one hand the implementations and on the other hand the scientific results.

1. As already described in Section 2 above, all known implementations for solving the problem of identification are based on Shannon's transmission theory. By this limitation, much less messages/events can be identified quantitatively. More specifically, using the protocols based on Shannon's theory, 2^nC messages/events can be transmitted, where C is the capacity of the channel. So based on Shannon's approach only 2^nC messages/events can be identified. Using the protocols based on identification theory, 2^2_nC messages/events can be identified. Therefore, for problems in which messages/events have to be identified, such as those described in section 1, one should use protocols from the identification theory. This direct implementation has resulted in an extreme increase in efficiency, is the sense of an exponential increase.

2. The 1^st identification protocols were developed by Ahlswede and Dueck in 1989. The 1^st identification protocol with safety aspect was developed by Ahlswede and Zhang in 1995. All known protocols for identifications can only be used for non-robust channels. Therefore the channel have to be known exactly. Practically, this is not possible.

[0107] Furthermore, the protocol for identification with an eavesdropper uses a wiretap code with a weak secrecy condition. Whereas the strong secrecy condition requires the total information transfer to the eavesdropper to tend to zero, the weak secrecy condition requires the per-symbol information transfer to go to zero. Obviously, the strong secrecy condition guaranteed more security. Therefore, it is more suitable to use the strong secrecy condition, when one can reach the same capacity as with the weaker one.

4 Further aspects of the present invention

[0108] The present invention inter alia considers robust identification codes and secure robust identification codes.

[0109] 1. Firstly, a robust identification code is defined.

[0110] Definition 10: A randomized (n, N, λ₁, λ₂) compound channel identification code with states t in a set θ = {1, ..., T} is a family of pairs

such that ∀ i, j =1,..., N, i ≠ j

and with errors of the 1^st and the 2^nd kind, respectively, bounded by

and

[0111] Definition 11: Let (

,

,

) be a compound channel CC.

(a) The transmission rate R of an (n, N, λ₁, λ₂) compound channel identification code is R = log(log(N)) / n bits.

(b) The identification rate R of a compound channel CC is said to be achievable if for all λ ∈ (0, 1) there exists a n₀(λ), such that for all n ≥ n₀(λ) there exists a (n, 2^2_nR, λ, λ) compound channel identification code.

(c) The identification capacity

of a compound channel W is the supremum of all achievable rates.

[0112] It can be shown that the errors of the 1^st and of the 2^nd kind for the construction described in section 1.1 are small. Furthermore, it can be shown that the rate of the protocol is best possible.

[0113] The core of the proof is a result achieved on hypergraphs.

[0114] A hypergraph is a pair

with a finite set ν of vertices and a finite set ε of (hyper-)edges

may be called e-uniform, if all its edges E have cardinality e. An edge

denotes the characteristic function of

by 1_E.

[0115] The identification capacity C_ID of a robust channel model, i.e. of the compound channel CC, is determined.

[0116] Theorem 5: For the compound channel CC the relation

holds.

[0117] 2. Secondly, a secure robust identification code is defined.

[0118] Definition 12: Let θ = {1,..., T} be a finite index set. A discrete memoryless compound wiretap channel , denoted by CWC, is a quintuple (

,

,

, W, V), wherein X is the finite input alphabet,

is the finite output alphabet for the legitimate receiver RX,

is the finite output alphabet for the wiretapper WT,

with

is the set of the transmission matrices whose output is available to the legitimate receiver RX, and

with

is the set of transmission matrices whose output is available to the wiretapper WT. The channel is assumed to be memoryless.

[0119] The problem of identification via this channel in the sense of Ahlswede and Dueck can be formulated as follows:
Definition 13: Let θ = {1,...,T},



, and (

,

) be a compound wiretap channel CWC. A randomized

identification code of a compound wiretap channel CWC is a family of pairs

with

such that ∀ i, j = 1,...,N, i ≠ j the following relations are fulfilled





for any pair (I, j) with i ≠ j and any

.

[0120] Definition 14: The maximum M for which a randomized (n, M, λ) compound wiretap channel identification code exists is denoted by M^SID(n, λ). Define the secure identification capacity C_SID of the compound wiretap channel CWC by

0, ∃n(λ) such that for n ≥ n(λ) M^SID(n, λ) ≥ 2^2n(R-λ)}.

[0121] The identification capacity of the compound wiretap channel CWC can be given and a secure and robust identification code can be constructed.

[0122] Theorem 6: (Dichotomy Theorem) Let C_S(

) be the capacity of a compound channel

and let

be the secrecy capacity of the compound wiretap channel CWC (

,

), then

and

are fulfilled.

[0123] The identification code is constructed by two codes.

[0124] Let 0 < ε < C be fixed. There is a δ > 0 such that for sufficiently large n there is an (n, M', λ(n)) compound channel code

and an (

, M",

) compound wiretap channel or CWC code

with code sizes

and

.

[0125] It can be shown that the identification capacity C_ID(

) is positive if the capacity of the wiretap channel WC is positive.

[0126] It is clear that the secure identification capacity cannot exceed the identification capacity of the channel. It is enough to show that the secure identification capacity is zero if the message transmission secrecy capacity is zero. Therefore it is shown that

, then

.

5 Benefits of the proposed invention

[0127] With the present invention, the 1^st protocol for identification of a message over a robust Channel is developed. This has the advantage that exact channel knowledge is not needed any more. Furthermore, another protocol can be given which is protected against an eavesdropper. It is shown that only a small secrecy capacity of the wiretap channel WC is necessary in order to use the full identification capacity of the channel and to keep the wiretapper WT uninformed. By using the theory of identification instead of Shannon's transfer theory, an exponential efficiency increase is achieved, as discussed in more detail in section 1. This can be considered as a model with a state selector. The selector chooses a state t, but the sender TX and the receiver RX do not know his selection. The wiretapper WT gets the state t. This corresponds to an active attack by the state selector and passive wiretapping. It may be assumed that the wiretapper WT also acts as a state selector. For the construction of the code a code with strong secrecy criterion can be used.

[0128] This invention can also be described by the following clauses:

1. Method (S) of transmitting and/or receiving messages in an environment of registered transmitting sites (TX) and receiving sites (RX) via identification, wherein:

• a respective message is
  • selected from a fixed set of messages - which is in particular finite or countable - and
  • sent and/or received over a compound channel (CC) via identification and
• the compound channel (CC) as a set of channels and ruled by a state variable (t) is given and used based on a compound code by using a stochastic encoder.

2. Method (S) according to clause 1, wherein

• for identifying at a transmitting site (TX) a message to be sent and selected from the set of messages and/or
• for re-identifying at a receiving site (RX) whether a message corresponding to a code received at the receiving site (RX) is identical to a certain message selected from the set of messages at the receiving site (RX)

an identification code is used which is generated based on said compound code by using a stochastic encoder, in particular in order to randomly select at the transmitting site a code for the message selected from the set of messages.

3. Method (S) according to any one of the preceding clauses, wherein at a transmitting site (TX)

• for a respective message selected said stochastic encoder is configured to randomly assign thereto as a code for the message a value of a random variable within an assigned probability distribution and
• the assigned code is transmitted via the compound channel (CC).

4. Method (S) according to any one of the preceding clauses, wherein at a receiving site

• it is checked whether a respective code received at the receiving site and referred to as a value of a random variable is within a probability distribution assigned to a respective message selected at the receiving site and
• in particular in this case it is recognized (i) that the respective message selected at the receiving site has been sent by a transmitting site and otherwise (ii) that the respective message has not been sent by the transmitting site.

5. Method (S) according to any one of the preceding clauses, wherein at a transmitting site (TX)

• a channel quality of a respective individual channel of the compound channel or of the compound channel in its entirety is monitored,
• in particular by observing the mutual information or trans-information between individual channels for a dedicated receiving site (RX) and individual channels for a non-dedicated receiving site, for a wiretapper entity (WT) and/or by deriving therefrom a representative channel security parameter.

6. Method (S) according to clause 5, wherein

• the channel security parameter is used as a basis for ruling the processing at a transmitting site (TX) and
• in particular a process of sending a messages selected at a transmitting site is suppressed and/or postponed in case that the channel security parameter indicates that a secure transmission is not possible.

7. Method (S) according to clause 6, wherein

• a secrecy transmission capacity is used as a channel security parameter,
• which in particular indicates a possible secure transmission if it has a value larger than 0.

8. Method (S) according to any one of clauses 5 to 7, wherein based on the said channel security parameter

• a stochastic encoder or a set thereof is chosen at a respective transmitting site (TX) and/or
• a decoder or a set thereof is chosen at a respective receiving site (RX), wherein in particular a decoder at a receiving site is formed according to the specification of a corresponding stochastic encoder at a transmitting site and/or is deterministic.

9. Method (S) according to any one of clauses 5 to 8, wherein
a respective encoder and/or a respective decoder is based on the nature of the compound channel (CC) and/or based on one of LDPC codes, polar codes, turbo codes and raptor codes.

10. Method (S) according to any one of the preceding clauses,
wherein at a receiving site (RX) a decoder is formed by a family of pairwise non-disjunct decoder sets.

11. Method (S) according to any one of the preceding clauses,

• wherein for securing a message (i) selected at the sending site and (ii) to be sent to a dedicated receiving site (RX) and its code against wiretapping by wiretapping entities (WT) and in particular by not-dedicated receiving sites a wiretap code is used,
• in particular in order to thereby define and transmit at a transmitting site (TX) a coloring for the message or its code to be sent.

12. Method (S) according to any one of the preceding clauses,
wherein a respective encoder and/or decoder is formed based on a family of code books, wherein a respective instance of a code book is chosen randomly and/or based on a respective channel security parameter.

13. System (T) for transmitting and/or receiving messages in an environment of registered transmitting sites (TX) and receiving sites (RX) via identification,

which is configured to perform or to be used in a method (S) according to any one of clauses 1 to 12.

List of reference signs

[0129] 

CC

compound channel

CWC

compound wiretap channel

I_S

mutual information, trans-information

r(t)

sent signal, after physical channel T4 and before demodulator T5

RX

receiver, receiving site

s

signal to be sent, after modulator T3 and before physical channel T4

S

transmission/reception method

t

state variable

T

transmission/reception system

T1

information source unit

T2

encoding unit

T3

modulator unit

T4

(physical) transmission/reception (waveform) channel unit

T5

demodulator unit

T6

decoder unit

T7

information sink unit

TX

transmitter, transmitting site, sender

U

signal from source T1, before encoder T2

V

signal to sink T7, after decoder T6

WC

wiretap channel

WT

wiretapper

X

signal, after encoder T2 and before modulator T3

Y

signal, after demodulator T5 and before decoder T6

Claims

1. Method (S) of transmitting messages in an environment of transmitters (TX) and receivers (RX) for a transmitter (TX) involving a process of identification, comprising:

- selecting a message to be sent from a fixed set of messages,

- generating a (n, N, λ) identification code based on a compound code by using a stochastic encoder in order to randomly select a code from the compound code for the message to be sent, wherein the stochastic encoder is used in order to generate the identification code from the compound code,

- sending (TX) the identification code over a channel, wherein the channel is modelled as a given compound channel (CC) which is formed as a set of channels and is ruled by a state variable t, wherein the state t is not known to the transmitter (TX);

wherein two fundamental codes are used to construct the (n, N, λ) identification code for the compound channel, namely a (n, M', λ) transmission code

for the compound channel (CC) with code size

and a (

, M",

) wiretap code for the wiretap channel WC with code size

,

wherein a suitable indexed set of colorings of the messages with a relatively small number of colors M" compared to the number of messages which is known both to the sender and the receiver is used for the message set

of the transmission code,

wherein each coloring corresponds to an identification message and the transmitter (TX) chooses one coloring T_i and a message m of the message set M', calculates the color of the message m under the one coloring T_i and transmits the message m with the transmission code and the color of the message m under the one coloring T_i with the wiretap code,

wherein θ = {1,...,T} is a finite index set and a discrete memoryless compound wiretap channel , denoted by CWC, is a quintuple (

,

,

, W, V), wherein

is the finite input alphabet,

is the finite output alphabet for the legitimate receiver (RX),

is the finite output alphabet for the wiretapper (WT),

with

is the set of the transmission matrices whose output is available to the legitimate receiver (RX), and

with

is the set of transmission matrices whose output is available to the wiretapper (WT),

wherein (

,

) describes the CWC and a randomized

identification code of the CWC is a family of pairs

with

,

, ∀ i = 1,...,N, such that ∀ i, j = 1,...,N, i ≠ j the following relations are fulfilled





for any pair (i, j) with i ≠ j and any

wherein W_t (D_i|xⁿ) is the channel transmission matrix of the compound channel at state t defining the probability that D_i is received if xⁿ was transmitted.

Drawing